On Wed, Feb 23, 2022 at 09:10:04PM +0100, Florian Westphal wrote:
> There is no guarantee that state->sk refers to a full socket.
>
> If refcount transitions to 0, sock_put calls sk_free which then ends up
> with garbage fields.
>
> I'd like to thank Oleksandr Natalenko and Jiri Benc for considerable
> debug work and pointing out state->sk oddities.

Applied, thanks